North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: IOS new architechture will be more vulnerable?
- From: Aaron Glenn
- Date: Wed Aug 03 06:50:49 2005
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=bmHCz4/2wQV8C1fd49of8iF/WcOIZQa7aaIqd2zmUwOBCTwqfRKTX7JKe3kenQRdqPkcVKgz4OHhZuI1nxXRMST9fKT5NdXffFtwa0Gbf+cAoiqDamXN+OwypkaBeEYPyjHouKuoILLDuOtkdrrcK1Qlei6m5sL7hbX6TgZ1CLY=
On 8/3/05, Saku Ytti <saku+nanog@ytti.fi> wrote:
> You might want to read lynn-cisco.pdf. This means that today to
> exploit heap overflows you need to know the offsets per release, supposedly
> tomorrow the offsets will be static per releasese in new (in some terms better)
> architecture, which will make exploiting heap overflows much more feasible.
without getting *too* off topic...
...here's what the junior kernel hacker in me doesn't quite understand
- doesn't software like ProPolice and it's brethren mitigate this type
of vulnerability specifically? What, precisely, prevents Cisco from
implementing such code in with their architecture?
aaron.glenn
|
